package org.apache.cxf.systest.jaxrs.security.jose.jwt;

import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
import java.net.URL;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jaxrs.JwtAuthenticationClientFilter;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.systest.jaxrs.security.Book;
import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.class */
public class JWTAlgorithmTest extends AbstractBusClientServerTestBase {
    public static final String PORT = BookServerJwtAlgorithms.PORT;

    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("server did not launch correctly", launchServer(BookServerJwtAlgorithms.class, true));
        registerBouncyCastleIfNeeded();
    }

    private static void registerBouncyCastleIfNeeded() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
    }

    @AfterClass
    public static void unregisterBouncyCastleIfNeeded() throws Exception {
        Security.removeProvider("BC");
    }

    @Test
    public void testEncryptionProperties() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        JwtAuthenticationClientFilter jwtAuthenticationClientFilter = new JwtAuthenticationClientFilter();
        jwtAuthenticationClientFilter.setJwsRequired(false);
        jwtAuthenticationClientFilter.setJweRequired(true);
        arrayList.add(jwtAuthenticationClientFilter);
        String str = "https://localhost:" + PORT + "/encryptedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.encryption.properties", "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        Response post = create.post(new Book("book", 123L));
        assertEquals(post.getStatus(), 200L);
        Book book = (Book) post.readEntity(Book.class);
        assertEquals(book.getName(), "book");
        assertEquals(book.getId(), 123L);
    }

    @Test
    public void testEncryptionDynamic() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        JwtAuthenticationClientFilter jwtAuthenticationClientFilter = new JwtAuthenticationClientFilter();
        jwtAuthenticationClientFilter.setJwsRequired(false);
        jwtAuthenticationClientFilter.setJweRequired(true);
        arrayList.add(jwtAuthenticationClientFilter);
        String str = "https://localhost:" + PORT + "/encryptedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jwk");
        hashMap.put("rs.security.keystore.alias", "2011-04-29");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
        hashMap.put("rs.security.encryption.content.algorithm", "A128GCM");
        hashMap.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        Response post = create.post(new Book("book", 123L));
        assertEquals(post.getStatus(), 200L);
        Book book = (Book) post.readEntity(Book.class);
        assertEquals(book.getName(), "book");
        assertEquals(book.getId(), 123L);
    }

    @Test
    public void testWrongKeyEncryptionAlgorithm() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        JwtAuthenticationClientFilter jwtAuthenticationClientFilter = new JwtAuthenticationClientFilter();
        jwtAuthenticationClientFilter.setJwsRequired(false);
        jwtAuthenticationClientFilter.setJweRequired(true);
        arrayList.add(jwtAuthenticationClientFilter);
        String str = "https://localhost:" + PORT + "/encryptedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jwk");
        hashMap.put("rs.security.keystore.alias", "2011-04-29");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
        hashMap.put("rs.security.encryption.content.algorithm", "A128GCM");
        hashMap.put("rs.security.encryption.key.algorithm", "RSA1_5");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        assertNotEquals(create.post(new Book("book", 123L)).getStatus(), 200L);
    }

    @Test
    public void testWrongContentEncryptionAlgorithm() throws Exception {
        if (SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
            URL resource = JWTAlgorithmTest.class.getResource("client.xml");
            ArrayList arrayList = new ArrayList();
            arrayList.add(new JacksonJsonProvider());
            JwtAuthenticationClientFilter jwtAuthenticationClientFilter = new JwtAuthenticationClientFilter();
            jwtAuthenticationClientFilter.setJwsRequired(false);
            jwtAuthenticationClientFilter.setJweRequired(true);
            arrayList.add(jwtAuthenticationClientFilter);
            String str = "https://localhost:" + PORT + "/encryptedjwt/bookstore/books";
            WebClient create = WebClient.create(str, arrayList, resource.toString());
            create.type("application/json").accept(new String[]{"application/json"});
            JwtClaims jwtClaims = new JwtClaims();
            jwtClaims.setSubject("alice");
            jwtClaims.setIssuer("DoubleItSTSIssuer");
            jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
            jwtClaims.setAudiences(toList(str));
            JwtToken jwtToken = new JwtToken(jwtClaims);
            HashMap hashMap = new HashMap();
            hashMap.put("rs.security.keystore.type", "jwk");
            hashMap.put("rs.security.keystore.alias", "2011-04-29");
            hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
            hashMap.put("rs.security.encryption.content.algorithm", "A128GCM");
            hashMap.put("rs.security.encryption.content.algorithm", "A192GCM");
            hashMap.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
            hashMap.put("jwt.token", jwtToken);
            WebClient.getConfig(create).getRequestContext().putAll(hashMap);
            assertNotEquals(create.post(new Book("book", 123L)).getStatus(), 200L);
        }
    }

    @Test
    public void testBadEncryptingKey() throws Exception {
        if (SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
            URL resource = JWTAlgorithmTest.class.getResource("client.xml");
            ArrayList arrayList = new ArrayList();
            arrayList.add(new JacksonJsonProvider());
            JwtAuthenticationClientFilter jwtAuthenticationClientFilter = new JwtAuthenticationClientFilter();
            jwtAuthenticationClientFilter.setJwsRequired(false);
            jwtAuthenticationClientFilter.setJweRequired(true);
            arrayList.add(jwtAuthenticationClientFilter);
            String str = "https://localhost:" + PORT + "/encryptedjwt/bookstore/books";
            WebClient create = WebClient.create(str, arrayList, resource.toString());
            create.type("application/json").accept(new String[]{"application/json"});
            JwtClaims jwtClaims = new JwtClaims();
            jwtClaims.setSubject("alice");
            jwtClaims.setIssuer("DoubleItSTSIssuer");
            jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
            jwtClaims.setAudiences(toList(str));
            JwtToken jwtToken = new JwtToken(jwtClaims);
            HashMap hashMap = new HashMap();
            hashMap.put("rs.security.keystore.type", "jwk");
            hashMap.put("rs.security.keystore.alias", "AliceCert");
            hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
            hashMap.put("rs.security.encryption.content.algorithm", "A128GCM");
            hashMap.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
            hashMap.put("jwt.token", jwtToken);
            WebClient.getConfig(create).getRequestContext().putAll(hashMap);
            assertNotEquals(create.post(new Book("book", 123L)).getStatus(), 200L);
        }
    }

    @Test
    public void testSignatureProperties() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.signature.properties", "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        Response post = create.post(new Book("book", 123L));
        assertEquals(post.getStatus(), 200L);
        Book book = (Book) post.readEntity(Book.class);
        assertEquals(book.getName(), "book");
        assertEquals(book.getId(), 123L);
    }

    @Test
    public void testSignatureDynamic() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jwk");
        hashMap.put("rs.security.keystore.alias", "2011-04-29");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
        hashMap.put("rs.security.signature.algorithm", "RS256");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        Response post = create.post(new Book("book", 123L));
        assertEquals(post.getStatus(), 200L);
        Book book = (Book) post.readEntity(Book.class);
        assertEquals(book.getName(), "book");
        assertEquals(book.getId(), 123L);
    }

    @Test
    public void testWrongSignatureAlgorithm() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jwk");
        hashMap.put("rs.security.keystore.alias", "2011-04-29");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
        hashMap.put("rs.security.signature.algorithm", "PS256");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        assertNotEquals(create.post(new Book("book", 123L)).getStatus(), 200L);
    }

    @Test
    public void testBadSigningKey() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jks");
        hashMap.put("rs.security.keystore.password", "password");
        hashMap.put("rs.security.key.password", "password");
        hashMap.put("rs.security.keystore.alias", "alice");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
        hashMap.put("rs.security.signature.algorithm", "RS256");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        assertNotEquals(create.post(new Book("book", 123L)).getStatus(), 200L);
    }

    @Test
    public void testSignatureEllipticCurve() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/signedjwtec/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jwk");
        hashMap.put("rs.security.keystore.alias", "ECKey");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
        hashMap.put("rs.security.signature.algorithm", "ES256");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        Response post = create.post(new Book("book", 123L));
        assertEquals(post.getStatus(), 200L);
        Book book = (Book) post.readEntity(Book.class);
        assertEquals(book.getName(), "book");
        assertEquals(book.getId(), 123L);
    }

    @Test
    public void testSmallSignatureKeySize() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jks");
        hashMap.put("rs.security.keystore.alias", "smallkey");
        hashMap.put("rs.security.keystore.password", "security");
        hashMap.put("rs.security.key.password", "security");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
        hashMap.put("rs.security.signature.algorithm", "RS256");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        assertNotEquals(create.post(new Book("book", 123L)).getStatus(), 200L);
    }

    @Test
    public void testUnsignedTokenSuccess() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.signature.algorithm", "none");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        Response post = create.post(new Book("book", 123L));
        assertEquals(post.getStatus(), 200L);
        Book book = (Book) post.readEntity(Book.class);
        assertEquals(book.getName(), "book");
        assertEquals(book.getId(), 123L);
    }

    @Test
    public void testUnsignedTokenFailure() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.signature.algorithm", "none");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        assertNotEquals(create.post(new Book("book", 123L)).getStatus(), 200L);
    }

    @Test
    public void testSignatureEncryptionProperties() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        JwtAuthenticationClientFilter jwtAuthenticationClientFilter = new JwtAuthenticationClientFilter();
        jwtAuthenticationClientFilter.setJwsRequired(true);
        jwtAuthenticationClientFilter.setJweRequired(true);
        arrayList.add(jwtAuthenticationClientFilter);
        String str = "https://localhost:" + PORT + "/signedencryptedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.signature.properties", "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
        hashMap.put("rs.security.encryption.properties", "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        Response post = create.post(new Book("book", 123L));
        assertEquals(post.getStatus(), 200L);
        Book book = (Book) post.readEntity(Book.class);
        assertEquals(book.getName(), "book");
        assertEquals(book.getId(), 123L);
    }

    @Test
    public void testSignatureCertificateTest() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/signedjwtincludecert/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jks");
        hashMap.put("rs.security.keystore.password", "password");
        hashMap.put("rs.security.key.password", "password");
        hashMap.put("rs.security.keystore.alias", "alice");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
        hashMap.put("rs.security.signature.algorithm", "RS256");
        hashMap.put("rs.security.signature.include.cert", "true");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        Response post = create.post(new Book("book", 123L));
        assertEquals(post.getStatus(), 200L);
        Book book = (Book) post.readEntity(Book.class);
        assertEquals(book.getName(), "book");
        assertEquals(book.getId(), 123L);
    }

    @Test
    public void testHMACSignature() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/hmacsignedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jwk");
        hashMap.put("rs.security.keystore.alias", "HMAC512Key");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        Response post = create.post(new Book("book", 123L));
        assertEquals(post.getStatus(), 200L);
        Book book = (Book) post.readEntity(Book.class);
        assertEquals(book.getName(), "book");
        assertEquals(book.getId(), 123L);
    }

    @Test
    public void testBadHMACSignature() throws Exception {
        URL resource = JWTAlgorithmTest.class.getResource("client.xml");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        arrayList.add(new JwtAuthenticationClientFilter());
        String str = "https://localhost:" + PORT + "/hmacsignedjwt/bookstore/books";
        WebClient create = WebClient.create(str, arrayList, resource.toString());
        create.type("application/json").accept(new String[]{"application/json"});
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject("alice");
        jwtClaims.setIssuer("DoubleItSTSIssuer");
        jwtClaims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        jwtClaims.setAudiences(toList(str));
        JwtToken jwtToken = new JwtToken(jwtClaims);
        HashMap hashMap = new HashMap();
        hashMap.put("rs.security.keystore.type", "jwk");
        hashMap.put("rs.security.keystore.alias", "HMACKey");
        hashMap.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
        hashMap.put("jwt.token", jwtToken);
        WebClient.getConfig(create).getRequestContext().putAll(hashMap);
        assertNotEquals(create.post(new Book("book", 123L)).getStatus(), 200L);
    }

    private List<String> toList(String str) {
        return Collections.singletonList(str);
    }
}
